Critical Cisco ISE Vulnerability Allows Attacker to Execute Malicious Code Remotely
Cybersecurity News
By Abinaya
June 18, 2026
Cisco has disclosed critical security vulnerabilities in its Identity Services Engine (ISE) that could allow attackers to execute malicious code remotely and access sensitive data, posing a significant risk to enterprise networks.
The vulnerabilities, tracked as CVE-2026-20181 and CVE-2026-20190, were published under advisory ID cisco-sa-ise-multi-G5WP8vv on June 17, 2026.
With a CVSS score of 9.1, the flaws impact Cisco ISE and ISE Passive Identity Connector (ISE-PIC) deployments regardless of configuration.
The most severe issue, CVE-2026-20181, is a remote code execution (RCE) vulnerability caused by improper validation of user-supplied input.
An authenticated attacker with administrative privileges can exploit the flaw by sending a crafted HTTP request to the affected system.
Cisco ISE RCE Vulnerability
Successful exploitation allows attackers to execute arbitrary commands on the underlying operating system. Attackers may initially gain user-level access and then escalate their privileges to root, gaining full control of the device.
In single-node deployments, exploitation can also lead to a denial-of-service condition, preventing new endpoints from authenticating to the network until the system is restored. This could disrupt enterprise access control systems that rely on Cisco ISE.
The second flaw, CVE-2026-20190, is an information disclosure vulnerability caused by improper authorization checks. Unlike the RCE issue, this vulnerability can be exploited by an unauthenticated remote attacker.
By sending crafted requests, attackers may gain access to sensitive information stored on the device, including hashed credentials. These credentials could be leveraged in further attacks, increasing the risk of lateral movement within a network.
Cisco confirmed that all versions of ISE and ISE-PIC are affected, though specific vulnerabilities vary by release.
Cisco has released fixes for the vulnerabilities in ISE 3.3 Patch 11 and ISE 3.4 Patch 6, with a fix for ISE 3.5 Patch 4 planned for August 2026.
Earlier versions must be migrated to supported releases, and no workarounds are available, making patching the only effective mitigation.
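The fixed-release thresholds above can be applied to a node inventory to sort patching work. The following is an added example, not code from Cisco or from this article; the inventory version format ("3.3 Patch 9"), the hostnames and the status labels are assumptions made for illustration.

```python
import re

# Fixed patch levels as stated in the article (advisory cisco-sa-ise-multi-G5WP8vv).
# released=False marks the ISE 3.5 fix the article says is planned for August 2026.
FIXED = {
    (3, 3): {"patch": 11, "released": True},
    (3, 4): {"patch": 6, "released": True},
    (3, 5): {"patch": 4, "released": False},
}
OLDEST_FIXED_TRAIN = min(FIXED)

# Assumed inventory format: "<major>.<minor>[.<n>...]" optionally followed by "Patch <n>".
VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.\d+)*(?:\s+patch\s*(\d+))?\s*$", re.IGNORECASE
)


def triage(version: str) -> str:
    """Classify one ISE / ISE-PIC version string against the fixed releases."""
    m = VERSION_RE.match(version)
    if not m:
        return "unparsed"            # never treat an unreadable version as safe
    train = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)     # no "Patch n" suffix means base release
    if train < OLDEST_FIXED_TRAIN:
        return "migrate"             # earlier releases: move to a supported train
    fix = FIXED.get(train)
    if fix is None:
        return "check-advisory"      # release train the article does not mention
    if patch >= fix["patch"]:
        return "fixed"
    return "patch-now" if fix["released"] else "fix-pending"


def triage_inventory(inventory: dict) -> dict:
    """Map each hostname to its triage status."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and versions).
INVENTORY = {
    "ise-pan-01": "3.4 Patch 6",
    "ise-psn-01": "3.3 Patch 9",
    "ise-pic-01": "3.5 Patch 2",
    "ise-lab-01": "3.1 Patch 8",
}

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(INVENTORY).items()):
        print(f"{host:12} {INVENTORY[host]:14} {status}")
```

Nodes reported as "fix-pending" have no patch available yet and, since no workarounds exist, depend on the additional defensive measures until the fix ships.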
Cisco’s Product Security Incident Response Team (PSIRT) stated that there is currently no evidence of active exploitation in the wild. However, given the high severity and ease of exploitation, organizations are strongly advised to prioritize updates.
The vulnerabilities were reported by security researchers from TrendAI, STAR Labs, and the Zero Day Initiative, highlighting coordinated industry efforts in responsible disclosure.
Organizations using Cisco ISE should immediately assess their exposure and upgrade to fixed software versions.
Additional defensive measures include restricting administrative access to trusted networks, monitoring logs for suspicious HTTP requests, and reviewing authentication and privilege escalation activity.
These vulnerabilities underscore the critical role of identity infrastructure in enterprise security and the potential impact when such systems are compromised.
Abinaya, https://cybersecuritynews.com/
Abi is a Security Editor and fellow reporter with Cyber Security News. She covers various cyber security incidents happening in cyberspace.